Privacy Policy

AI2PI Teacher Academy — Privacy Policy

Erasmus+ Project GAP-101196121 Last updated: 3 February 2026

1. Introduction

This Privacy Policy explains how the website of the AI2PI Teacher Academy (ai2pi.eu) collects, uses, stores, and shares personal data when you visit or interact with this site. It applies to all pages served under this domain.

This policy has been prepared in accordance with the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and the ePrivacy Directive (2002/58/EC), and reflects the data protection obligations required by the Erasmus+ Grant Agreement (Article 15) governing this project.

2. Data Controller

The data controller — the organisation legally responsible for how your personal data is processed — is:

Data controller
Organisation Humboldt-Universität zu Berlin
Representative The President, Prof. Dr. Julia von Blumenthal
Postal address Unter den Linden 6, 10099 Berlin
Phone +49 (30) 2093-2100
Email praesidentin@hu-berlin.de

Data Protection Officer
Name Ms Gesine Hoffmann-Holland
Phone +49 (30) 2093-20020
Email datenschutz@hu-berlin.de

3. What personal data we collect

When you visit this website, certain types of personal data are collected automatically or as a necessary part of site functionality. We do not ask you to create an account or submit personal information beyond what is described below.

3.1 Server access logs

The web server that hosts this site records standard access logs for every page request. These logs contain:

  • Your IP address (the network identifier of your device)
  • The date and time of the request
  • The specific page or resource you requested (the URL path)
  • Your browser type and version (the User-Agent string sent by your browser)
  • The referring page, if you arrived via a link from another site
  • The HTTP status code returned (e.g. 200 for success, 404 for not found)

These logs are generated by the server automatically; you cannot prevent them simply by visiting the site.

3.2 Session cookie (grav_session)

The site uses Grav CMS, which sets a single session cookie called grav_session. This cookie is used exclusively to manage form submissions and protect against cross-site request forgery (CSRF). It does not track your identity or behaviour across visits.

This cookie is strictly necessary for the site to function correctly and is therefore exempt from consent requirements under the ePrivacy Directive (Article 5(3)).

3.3 Internal page-statistics plugin

The site runs a Grav plugin that collects basic page-visit statistics. This is a self-hosted plugin with no connection to any external service — all data is stored and processed on the site's own server. No personal data leaves the site as a result of this plugin.

3.4 Font CDN request (cdnfonts.com)

The site loads the D-Din typeface from an external content delivery network (fonts.cdnfonts.com). When your browser loads the font stylesheet, it sends your IP address and the referring page URL to cdnfonts.com. No cookie is set by this request, but the IP address constitutes personal data under GDPR.

3.5 Newsletter sign-up (email address)

The site includes a newsletter sign-up page at /newsletter. If you choose to subscribe, you provide your email address along with the date and time of registration. This is a voluntary action — you are not required to sign up to use the site. You can cancel your subscription at any time without giving reasons by using the unsubscribe link included in every newsletter. Cancellation revokes your consent and your data will be deleted.

Email service provider: The AI2PI newsletter is managed via Sympa, an internal mailing-list service operated by Humboldt-Universität zu Berlin (sympa.cms.hu-berlin.de). Your email address is processed on HU Berlin's own infrastructure. No third-party email processor is involved.

3.6 YouTube video embeds

The site may embed videos hosted on YouTube, a platform operated by Google Ireland Limited (Google Building Gordon House, Barrow St, Dublin 4, Ireland). The legal basis for processing your personal data in this context is your consent under Art. 6(1)(a) GDPR.

YouTube embeds on this site use privacy-enhanced mode (youtube-nocookie.com). In this mode, no connection to Google's servers is made and no cookies are set until you actively choose to play a video. Once you start playback, the following happens:

  • A request is sent to a Google server (typically in the USA), transmitting the URL of the page you are on and the IP address of your device.
  • YouTube may set cookies to collect information about your usage behaviour — for example, to record video statistics, improve the service, and prevent misuse.
  • If you are logged into a Google account at the time you play the video, your activity may be linked to that account. If you do not want this, log out of Google before playing the video. Google stores this data as usage profiles and may use it for advertising and market research.

You have the right to object to the creation of these usage profiles. Please contact Google directly for this purpose.

Because Google may transfer personal data to affiliates and subprocessors in countries outside the EU and EEA, additional safeguards are in place. For transfers to the USA, the EU–US Data Privacy Framework adequacy decision (Art. 45(1) GDPR) applies; Google LLC is certified under this framework. For transfers to other third countries without an adequacy decision, standard data protection clauses under Art. 46(2)(c) GDPR have been agreed with the provider.

Further information on Google's data protection and data use can be found at: https://policies.google.com/privacy

4. Purpose of processing

Each type of data we collect is used for a specific, defined purpose. We do not use your data for marketing, profiling, or any purpose beyond what is listed in the table below.

Data type Purpose Legal basis Retention
Server access logs (IP, timestamps, URLs, User-Agent) Security monitoring, troubleshooting, and provision of the website as part of the university's public tasks Public task / official authority (Art. 6(1)(e) GDPR in conjunction with §§ 4, 6 BerlHG) Four weeks. After that, IP addresses are truncated to domain level so that no individual user can be identified.
grav_session cookie Preventing cross-site request forgery; enabling form submissions Strictly necessary for service (ePrivacy Art. 5(3), exempt from consent) Duration of the browser session only
Page-visit statistics (internal plugin) Monitoring site usage to improve the educational resource Public task / official authority (Art. 6(1)(e) GDPR in conjunction with §§ 4, 6 BerlHG) Rolling 12 months. Older data is deleted when new data is added.
IP address sent to cdnfonts.com on font load Delivery of the site's typeface; handled by the CDN provider Public task / official authority (Art. 6(1)(e) GDPR in conjunction with §§ 4, 6 BerlHG) Governed by cdnfonts.com's own privacy policy
Email address, date and time of registration (newsletter sign-up) Sending project updates and news to subscribers who opted in Consent (Art. 6(1)(a) GDPR) — voluntary sign-up; revocable at any time via unsubscribe link For as long as the newsletter subscription is active. Deleted upon unsubscription.
Name, email, message content and any other details submitted via the contact form Processing the respective request (e.g. making contact, event registration) Consent (Art. 6(1)(a) GDPR) — use of the form is voluntary and revocable Only as long as necessary to process the request, or as long as statutory retention obligations require
Page URL and IP address sent to Google when a YouTube video is played Delivery and playback of the embedded video Consent (Art. 6(1)(a) GDPR) — triggered only when you actively play a video Governed by Google's own privacy policy

5. Third-party data sharing

We share personal data with third parties only where technically necessary to operate this site. We do not sell, rent, or trade personal data.

Current third-party data recipients

Recipient Details
cdnfonts.com Receives your IP address and referrer when the D-Din font is loaded. No cookie is set. Their processing is governed by their own privacy policy, available at fonts.cdnfonts.com.
LinkedIn A plain link in the footer. No embed, no script, no data is sent to LinkedIn when you view the page.
Google Ireland Limited (YouTube) Receives the page URL and your IP address when you play an embedded YouTube video. Uses privacy-enhanced mode (youtube-nocookie.com) — no data is sent before you press play. YouTube may set cookies after playback begins. Transfers to the USA are covered by the EU–US Data Privacy Framework adequacy decision. See https://policies.google.com/privacy

6. Legal basis for processing

Every type of personal data processing carried out by this site has a specific legal basis under GDPR Article 6. Because the AI2PI Teacher Academy is an Erasmus+ project coordinated by Humboldt-Universität zu Berlin — a public university — the legal basis for core site operations is the performance of a public task:

  • Public task / official authority (Art. 6(1)(e) GDPR, in conjunction with §§ 4, 6 BerlHG) — Server access logs are processed to maintain the security of the website and the university's IT infrastructure, and to provide the site as part of the university's public tasks. Internal page-visit statistics serve the same purpose. The IP address that reaches cdnfonts.com is an incidental consequence of loading the site's typeface.

  • Strictly necessary for service (ePrivacy Directive Art. 5(3)) — The grav_session cookie is required for form functionality and CSRF protection. It is exempt from the cookie consent requirement.

  • Consent (Art. 6(1)(a) GDPR) — Newsletter subscriptions and contact-form submissions are both voluntary. You give consent by signing up or by submitting the form. YouTube video embeds use privacy-enhanced mode and do not contact Google's servers until you actively press play; playback itself constitutes your consent. You may revoke your consent at any time: for the newsletter, use the unsubscribe link in any newsletter email; for the contact form, send a revocation request to the DPO address in Section 2. Revocation does not affect the legality of any processing carried out before the revocation.

7. Data retention

We keep personal data only as long as necessary for the purpose it was collected. Specific retention periods are shown in the table in Section 4. In general:

  • Server access logs are kept for four weeks. After that, IP addresses are truncated to domain level so that no individual user can be identified.
  • The session cookie expires when you close your browser.
  • Page-visit statistics are kept on a rolling 12-month basis. Older data is deleted when new data is added.
  • Data held by cdnfonts.com is subject to their own retention policy.

8. Your rights under GDPR

As a data subject, you have the following rights under GDPR Articles 15–22:

  • Right of access (Art. 15) — You may request a copy of the personal data we hold about you.
  • Right to erasure (Art. 17) — You may request deletion of your personal data, subject to legal obligations that require us to retain it (e.g. security logs).
  • Right to data portability (Art. 20) — You may request your data in a structured, machine-readable format.
  • Right to object (Art. 21) — You may object to processing based on legitimate interest. If the objection is valid, we will cease processing.
  • Right to restriction (Art. 18) — You may request that we limit how we use your data while a dispute is resolved.
  • Right to rectification (Art. 16) — You may ask us to correct inaccurate personal data we hold.

To exercise any of these rights, please contact us using the details in Section 2 above. We will respond within 30 days as required by GDPR.

9. Right to lodge a complaint

If you believe your data protection rights have not been respected, you have the right to lodge a complaint with a supervisory authority. As the data controller is based in Germany, the relevant supervisory authority is:

Berliner Datenschutzbeauftragte Friedrichstraße 219 10117 Berlin Tel: +49 30 18805 0 E-Mail: datenschutz@berlin.de Website: datenschutz.berlin.de

10. Changes to this Privacy Policy

We may update this Privacy Policy if we change how the site works or if legal requirements change. The date at the top of this page always reflects the most recent revision. We encourage you to review this policy when you visit the site.